4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.1%
Inkscape before 0.48.4 reads .eps files from /tmp instead of the current
directory, which might cause Inkspace to process unintended files, allow
local users to obtain sensitive information, and possibly have other
unspecified impacts.
Author | Note |
---|---|
seth-arnold | “low” priority due to symlink and hardlink restrictions in Ubuntu’s Linux kernels; without those protections, “medium” would be more appropriate. Multiple patches are proposed in the bugreport; NewAndUndoOld appears to be preferred from comments #11 and #12 |
mdeslaur | 0.48.4 has fix, albeit the older fix. inkscape in lucid doesn’t do the chdir into /tmp, so not-affected |